The Friday Night Quandary


Scenario 
You need information fast 


The current process is not expedient 
Quick turnaround is important for all sides 


What do you do? 


Primary Challenges 


Lack of Focus 
Simplification Needed 
Data Clarity 
Principles I am Looking For


Ownership - Who gets what?

Categorization - Once they get it, what do they do with it?

Timelines - What is truly new vs. older?

Prioritization - After everything is said and done, what matters most?
Where do we need Focus, Simplification, & Clarity?


Goals 


What is important information to my 
organization? 
Asset Management: General


Active / EOL / EOS Breakdown 
Active — Business as usual 
EOL — Amortize funds for replacement 
EOS — Replace system 
Pairing Data Centers — Based on IP
Grouping — Operating System & Business Units / Owners 


[Workflow diagram: Asset Management & Indexing → Prioritization Modeling → Time Stamping → Parsing]


Focus, Simplification, & Clarity:

* By separating the Active, EOL, & EOS, we can break down different actions for different groups.

* By identifying the datacenters and groups, we can take the raw data and work outside of the UI to get quick ad hoc details.
Asset Management: Indexing


Over the course of the first 3 months of the program, we identified:

- Which IPs and DNS listings belong to each group
- Operating system lifecycles
- Whether an operating system should be considered Remediable or Replaceable, at our discretion
- Whether an IP range is Public or Private
- Baseline readings to compare vulnerability data from certain timeframes
- What IPs existed at a certain point in time vs. the current point


Focus, Simplification, & Clarity:
By utilizing indexing groups, we are able to bring in data and create the desired tags to add for the report. This allows us to filter vulnerabilities based on characterizations.
Prioritization Modeling

Each organization has important data:
- Datacenters
- Assets with Intellectual Property
- Revenue Generating Assets
- Social Assets (workstations, kiosks, etc.)

For us, we chose to keep the process simple:
- Location component based on value of the data
- CVSS Score
- Severity Rating
- Days outstanding
- Exploitability RTIs (Real-Time Threat Indicators)

Focus, Simplification, & Clarity:
We created a ranking process unique to our needs. This gave each team a simple, clear and focused plan of attack.


© Qualys. 


Time Stamping - Modifications

With Alteryx, we are able to take the timestamp, parse it, and create "days since" categories, giving us a tangible number outside of the timestamp. Such as "Days since last scanned" / "Days since first scanned". We can create buckets to make filtering easy.

Focus, Simplification, & Clarity:
By creating "days since" categories, filtering ages becomes a simple, scalable task. It identifies how many days have lapsed from when the scan report was run to the days since identification.
Parsing


What is important information to my organization?

- In the event that we need to view the highest level, we can do so easily (Windows).
- In the event that we want to group by the operating system name, that is also an option (Windows 2000).
- Simple parsing allows us to break these two items up and report separately.

Focus, Simplification, & Clarity:
By parsing datasets, we can get specific data that may be inherent in the base data from Qualys.
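The four workflow stages the preceding slides describe (pairing IPs to datacenters and public ranges, "days since" buckets, OS family parsing, and the location/CVSS/severity/age/RTI ranking) carried through on a few rows, written here as an added Python illustration rather than the presenter's Alteryx workflow or any Qualys code. The sample rows, datacenter ranges, location weights and scoring weights are constructed assumptions, not values from the deck.

```python
from datetime import date
from ipaddress import ip_address, ip_network
# Constructed sample rows shaped like a Qualys vulnerability export (not real scan data).
SAMPLE_ROWS = [
    {"ip": "10.1.4.20", "os": "Windows 2000 Server", "first_found": "2019-01-05",
     "cvss": 9.8, "severity": 5, "rti": "Exploit_Public"},
    {"ip": "10.2.7.9", "os": "Windows Server 2016", "first_found": "2019-03-20",
     "cvss": 6.5, "severity": 3, "rti": ""},
    {"ip": "203.0.113.8", "os": "Red Hat Enterprise Linux 7", "first_found": "2018-11-01",
     "cvss": 7.5, "severity": 4, "rti": "Active_Attacks"},
]
# Assumed datacenter ranges, location weights and age buckets (hypothetical, for illustration).
PRIVATE_RANGES = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DATACENTERS = {"DC-East": ip_network("10.1.0.0/16"), "DC-West": ip_network("10.2.0.0/16")}
LOCATION_WEIGHT = {"DC-East": 3, "DC-West": 2, "Public": 4, "Unknown": 1}
AGE_BUCKETS = ((30, "0-30"), (60, "31-60"), (90, "61-90"))

def datacenter(ip):
    """Pair an IP with its datacenter; anything outside RFC 1918 space is tagged Public."""
    addr = ip_address(ip)
    if not any(addr in net for net in PRIVATE_RANGES):
        return "Public"
    return next((dc for dc, net in DATACENTERS.items() if addr in net), "Unknown")

def days_since(day_str, as_of):  # both ISO dates; yields a tangible number outside the timestamp
    return (date.fromisoformat(as_of) - date.fromisoformat(day_str)).days

def age_bucket(days):
    """Collapse a raw 'days since' number into a filterable bucket."""
    return next((label for limit, label in AGE_BUCKETS if days <= limit), "90+")

def parse_os(os_string):
    """Split 'Windows 2000 Server' into the family (Windows) and the full OS name."""
    return os_string.split()[0], os_string

def score(row, as_of):
    """Location value, CVSS, severity, days outstanding and RTIs combined into one rank number."""
    outstanding = min(days_since(row["first_found"], as_of), 180)  # cap so age cannot dominate
    return (LOCATION_WEIGHT[datacenter(row["ip"])] * 10 + row["cvss"] * 2
            + row["severity"] * 3 + outstanding / 10 + (15 if row["rti"] else 0))

def enrich(rows, as_of):
    """Tag, time-stamp and rank every row, highest priority first."""
    out = []
    for row in rows:
        age = days_since(row["first_found"], as_of)
        out.append({**row, "datacenter": datacenter(row["ip"]), "os_family": parse_os(row["os"])[0],
                    "days_since_first": age, "age_bucket": age_bucket(age),
                    "score": round(score(row, as_of), 1)})
    return sorted(out, key=lambda r: r["score"], reverse=True)
```

Calling enrich(SAMPLE_ROWS, "2019-04-15") returns the rows tagged and ordered, which is the shape that can be dropped straight into a tabbed spreadsheet per owner.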
What Does the Workflow Look Like?

THE PROCESS IS SIMPLE BUT DETAILED
Outcome

- With Alteryx, we were able to process modifications in less than 1 minute.
- Pushed out a simple Excel sheet that had ownership parsed and tabbed for simple and clear usage.
- Created a historical repository of all auditable vulnerabilities.
- We were able to reduce vulnerabilities by 85%.

This was all because we simplified the system and provided clear and actionable results in the language my team spoke.
Case Study: 2019

Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies

ESET finds new 'skip-2.0' backdoor developed by Chinese cyber-espionage group, targeting MSSQL v12 and v11

By Catalin Cimpanu for Zero Day | October 21, 2019 09:30 GMT (02:30 PDT) | Topic: Security

https://www.zdnet.com/article/researchers-find-stealthy-mssgl-server-backdoor-developed-by-chinese-cyberspies/